When the IAM user who is set to the "access key alias" of the AWS has the "PowerUserAccess" policy only, the below understanding is correct?
On the AWS policy, if I set less restrict policy than the PowerUserAcesss, it is possible to do division of authority.
On the AWS policy, if I set more restrict policy than the PowerUserAccess, when the user tries to AWS console from the Access screen, it will not reach the AWS console screen because of the access denied.